Facebook’s Data-Sharing Partnerships and the Limits of Privacy Protections

Our world runs increasingly on data. Concurrent with the rise of tools developed to analyze and glean insights from massive reams of information is the ascendance of data as a kind of currency—an aggregation of potential insights to help companies sell products, services, and more. Tech giants like Amazon, Google, Apple, and Facebook have worked to monetize the information they harvest, opening questions about the extent of consumer privacy protections in data-driven businesses.

Facebook has found itself embroiled in another data-centric controversy just months after facing criticism from the Cambridge Analytica scandal. The New York Times reported that Facebook, in their quest to become the world’s premier social media platform, reached data-sharing agreements with roughly 60 device makers (including leading lights like Microsoft, Samsung, Apple, Amazon, and BlackBerry) over the past decade, despite agreeing in a 2011 Federal Trade Commission (FTC) consent decree to gain explicit consent from users before overriding their privacy settings—an agreement that itself stemmed from findings that Facebook allowed third parties to collect personal details about users and their friends, regardless of privacy settings. In exchange for giving those companies access to its users’ personal information, Facebook enjoyed expanded reach as device makers offered Facebook-esque features, such as “like” buttons and messaging.

Below, we examine the extent of these partnerships and what they mean for individuals active on Facebook’s network.

Making Deals

Each partnership varied in length and engagement. An Apple spokesman told the New York Times they used Facebook data to create features that allowed users to post photos to Facebook without logging into the app, and that the partnership ended in September 2017. BlackBerry said they used the data to give their customers access to their personal Facebook messages and networks. Microsoft’s partnership, which began in 2008, allowed Microsoft devices to add contacts, receive notifications, and more, but the data was only stored locally, not on Microsoft’s servers. Samsung and Amazon declined to discuss specifics of the nature of their partnerships with Facebook.

Concerns

Concerns stem from broader issues about the collection and monetization of personal data by tech companies, as well as the limits of user control of data. The timing of the latest allegations is not ideal for the company – revelations about Facebook’s partnerships have further fanned the flames of outrage stemming from the recent Cambridge Analytica scandal, which revealed Facebook’s lax attitudes towards policing developers on its platform. Facebook maintains that the access utilized by Cambridge Analytica was closed by 2015 but the New York Times report indicates they failed to publicly disclose information about the nature of their partnerships with device makers.

Many developers are reliant on Facebook’s public application programming interfaces (APIs) for their products. But the company began building additional private APIs for device makers in 2007, when most phones were not powerful enough to run a Facebook app. Facebook continued building these channels through 2014, then exempted their partners from outsider status, instead viewing them as extensions of their platform. Ime Archibong, a vice president at Facebook, said the partnerships worked “very differently” from the way developers, who provide games and other services on the platform, operate. But during congressional hearings in the wake of Cambridge Analytica scandal, Facebook founder Mark Zuckerberg testified that “[users] have complete control over who sees [their content] and how [they] share it” – an assertion called into question as partnership agreements allowed for the proliferation of user data through their partners’ devices far beyond Facebook’s control.

Company Response

Facebook officials have defended their data sharing agreements, publicly claiming they do not violate the company’s privacy policies, the 2011 FTC agreement, and its more recent pledges to its users. Officials characterized its partners in these agreements as “service providers” (ala a payment processing service), thereby exempting Facebook from seeking additional permissions for data sharing. Facebook has offered assurances that any data storage was subject to strict rules, agreed upon between each company, and reaffirmed that they were not aware of any misuse of that data.

What’s Next?

Public skepticism about company control and usage of data is increasing, and lawmakers are beginning to step-in. While laws governing data usage are largely non-existent in the United States, Europe recently enacted very strict legislation protecting users’ information. Cambridge Analytica attracted government attention, with the FTC opening an investigation into violations of the 2011 decree, potentially subjecting Facebook to fines. Rohit Chopra, current commissioner of the FTC, declined to offer specific comments about Facebook, but characterized the serious and binding nature of their agreements with specific companies, stating “FTC orders are not suggestions. When companies violate them, there can be serious consequences.”

Facebook’s leaders have been forced to defend the company in front of legislators in Washington D.C., London, and Brussels, introducing recent changes in response that aim to return more control to its users. Whether the undesired spotlight continues to shine on Facebook and other companies regarding data usage remains to be seen – what is clear is that the climate is shifting, even in small ways, as the public and elected officials become aware of the value of data in the modern world.